
Implement Rate Limiting Middleware for PDF Generator API #19

@yusuftomilola

Description

Implement rate limiting middleware on the /pdf/generate API endpoint to prevent abuse, ensure fair usage, and protect server resources.

Details

  • Apply rate limits based on user identity (user ID extracted from JWT) or IP address if the user is unauthenticated.

Suggested Default Limits

  • Max 20 requests per minute per user/IP.
  • Configurable limits via environment variables for flexibility.
  • Use a scalable rate limiting library compatible with the backend stack
    (e.g., express-rate-limit, Redis-backed limiter).
  • Return HTTP 429 Too Many Requests status with a clear message when limits are exceeded.
  • Log rate limit violations with relevant metadata (user ID, IP, timestamp).
  • Ensure the middleware gracefully handles edge cases (e.g., missing user info).
  • Write automated tests simulating burst requests to verify limit enforcement and correct responses.

Acceptance Criteria

  • Rate limiting middleware correctly restricts excessive requests per user/IP.
  • Clients exceeding limits receive 429 responses with meaningful messages.
  • Rate limit breach events are logged for monitoring.
  • Tests cover normal usage and limit breach scenarios.
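The following is an added example, not code from this issue or the project, showing one way to meet the points above in a single Express-shaped middleware: identity key from the JWT subject with an IP fallback, limits read from environment variables with the suggested defaults, a 429 with a clear message and Retry-After, a structured log entry on each breach, and a burst simulation of the kind the tests would run. Names such as createPdfRateLimiter, rateLimitKey and the PDF_RATE_LIMIT_* variables are this example's own. It assumes an upstream middleware has already verified the JWT signature and placed the claims on req.user, and it uses an in-process fixed-window store, so a deployment with several instances would replace the Map with the Redis-backed store the issue mentions.

```javascript
'use strict';

// Added example (not the project's code). Limits come from environment variables,
// falling back to the issue's suggested defaults of 20 requests per minute.
function readIntEnv(name, fallback) {
  const n = Number.parseInt(process.env[name] ?? '', 10);
  return Number.isFinite(n) && n > 0 ? n : fallback;
}

const DEFAULTS = {
  windowMs: readIntEnv('PDF_RATE_LIMIT_WINDOW_MS', 60_000), // hypothetical variable name
  max: readIntEnv('PDF_RATE_LIMIT_MAX', 20),                // hypothetical variable name
};

// Identity key: verified JWT subject first, client IP second, one shared bucket last.
// req.user must be set by an upstream middleware that VERIFIED the token signature;
// keying on an unverified decode lets a client choose any `sub` and escape the limit.
// req.ip is only meaningful behind a proxy if Express's `trust proxy` names that proxy.
function rateLimitKey(req) {
  const sub = req.user && req.user.sub;
  if (typeof sub === 'string' && sub.length > 0) return `user:${sub}`;
  if (typeof req.ip === 'string' && req.ip.length > 0) return `ip:${req.ip}`;
  return 'anon:unknown'; // missing user info AND missing IP: degrade, do not throw
}

function createPdfRateLimiter(options = {}) {
  const windowMs = options.windowMs ?? DEFAULTS.windowMs;
  const max = options.max ?? DEFAULTS.max;
  const now = options.now ?? Date.now;                  // injectable clock for tests
  const log = options.log ?? ((entry) => console.warn(JSON.stringify(entry)));
  const buckets = new Map(); // key -> { count, resetAt }; single-process fixed window

  return function pdfRateLimiter(req, res, next) {
    const key = rateLimitKey(req);
    const t = now();
    let bucket = buckets.get(key);
    if (!bucket || t >= bucket.resetAt) {
      bucket = { count: 0, resetAt: t + windowMs };     // start a fresh window
      buckets.set(key, bucket);
    }
    bucket.count += 1;

    const remaining = Math.max(0, max - bucket.count);
    const retryAfterSec = Math.ceil((bucket.resetAt - t) / 1000);
    res.set('RateLimit-Limit', String(max));
    res.set('RateLimit-Remaining', String(remaining));

    if (bucket.count > max) {
      // Breach log with the metadata the issue asks for: user ID, IP, timestamp.
      log({
        event: 'rate_limit_exceeded',
        key,
        userId: req.user?.sub ?? null,
        ip: req.ip ?? null,
        path: req.path,
        timestamp: new Date(t).toISOString(),
      });
      res.set('Retry-After', String(retryAfterSec));
      return res.status(429).json({
        error: 'Too Many Requests',
        message: `Rate limit of ${max} requests per ${windowMs / 1000}s exceeded; retry in ${retryAfterSec}s.`,
      });
    }
    return next();
  };
}

// Constructed stand-ins for Express req/res so the example runs without the framework.
function fakeRequest({ sub, ip } = {}) {
  return { path: '/pdf/generate', ip, user: sub ? { sub } : undefined };
}
function fakeResponse() {
  const res = { statusCode: 200, headers: {}, body: undefined };
  res.set = (k, v) => { res.headers[k.toLowerCase()] = v; return res; };
  res.status = (c) => { res.statusCode = c; return res; };
  res.json = (b) => { res.body = b; return res; };
  return res;
}

// Fire `n` requests from one client inside one window; return the status each got.
function simulateBurst(limiter, reqFactory, n) {
  const statuses = [];
  for (let i = 0; i < n; i++) {
    const res = fakeResponse();
    let passed = false;
    limiter(reqFactory(), res, () => { passed = true; });
    statuses.push(passed ? 200 : res.statusCode);
  }
  return statuses;
}

// Stand-alone demo: 25 burst requests from one authenticated user, 20 allowed, 5 rejected.
const demo = createPdfRateLimiter({ max: 20, windowMs: 60_000, log: () => {} });
const demoStatuses = simulateBurst(demo, () => fakeRequest({ sub: 'user-123' }), 25);
console.log(`${demoStatuses.filter((s) => s === 429).length} of 25 burst requests rejected`);
```

Two points worth checking in review: the key must be derived from claims the server has already verified, never from a decode of whatever token the client sent, and the IP fallback is only as trustworthy as the proxy configuration, since a forged X-Forwarded-For otherwise hands every client its own fresh bucket. The Map above never evicts expired entries; a Redis store with a TTL equal to the window handles both eviction and sharing across instances.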
